Digital communication systems and methods such as email and short messaging service (SMS) text are highly convenient and ubiquitous in daily communication. Significant quantities of useful, entertaining, and even mundane information are exchanged via these digital communication methods. However, these digital communication methods can be insecure and/or otherwise inadequate for exchanging certain types of sensitive information. Users of digital communication systems can easily spoof other users, such as by pretending to be someone they are not when providing information via a digital communication. Further, particularly sensitive information may be hacked or modified en route, or after delivery.
The nature of many current digital communication systems and methods makes them inadequate for exchanging certain types of information, particularly in situations where it is important to be able to detect forgery or tampering. Specifically, where confirmation of the sender of the information or intent of the sender may be critical to the exchange, presently available digital communication systems and methods may be inadequate. Traditionally, communication validation processes have been performed using public key cryptography by single centralized trusted third parties such as a public key exchange server and intermediate fully trusted third parties. With public key cryptography (or asymmetric cryptography), a primary shortcoming is the initial sharing, discovery, association with a real-world identity, and continuous authentication and/or revocation of this association, all happening electronically and automatically. Stated otherwise, a central challenge with the use of presently available public key cryptography is obtaining confidence (and proof, such as to a third party) that a particular public key is authentic—i.e., that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party.
Similarly, where a likelihood of unauthorized modification of information is high and the validity (or integrity) of the information is critical to the exchange, presently available digital communication systems and methods may be inadequate. Present technologies enable establishment of secure channels of communication. For example, a variety of secure communication standards that use public key technology have been developed, including Secure Hypertext Transfer Protocol (SHTTP), IP Security (IPSec), point-to-point tunneling protocol (PPTP), layer 2 tunneling protocol (L2TP), and virtual private network (VPN). Secure Web communication protocols include secure sockets layer (SSL) 3.0 and the open transport layer security (TLS) protocol that is based on SSL. Existing secure channels of communication ensure that verified data is exchanged untampered, and verification of the data is possible while the secure channel is connected, but verifiability of the integrity of the data is lost when the secure channel connection ends. As a result, there is no ability to verify the integrity of data to a third party after the exchange of data.
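The loss of verifiability once a channel closes can be seen in a simplified model, given here as an added example that is not part of the original text. It assumes the channel protects each record with a symmetric MAC under a session key that both endpoints hold (HMAC-SHA256 stands in for a real record layer); the function names and sample messages are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive_session_key(shared_secret: bytes, nonce: bytes) -> bytes:
    """Stand-in for a channel handshake: both endpoints end up with this key."""
    return hmac.new(shared_secret, b"session" + nonce, hashlib.sha256).digest()


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Tag one record as a record layer would: MAC over sequence number + data."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def verify(key: bytes, seq: int, payload: bytes, tag: bytes) -> bool:
    """Constant-time check of a record tag under the session key."""
    return hmac.compare_digest(protect(key, seq, payload), tag)


def demo() -> dict:
    # Constructed sample data; the key material and messages are hypothetical.
    key = derive_session_key(secrets.token_bytes(32), secrets.token_bytes(16))
    sent = b"Pay invoice 1001: 500 USD to account A"
    tag = protect(key, 0, sent)  # computed by the sender

    # While the channel is up, the receiver detects modification in transit.
    altered = b"Pay invoice 1001: 900 USD to account B"
    detected = not verify(key, 0, altered, tag)

    # After the channel closes, the receiver hands a third party a record,
    # its tag and the session key. The receiver holds the same key as the
    # sender, so it can compute a valid tag for text the sender never sent.
    receiver_tag = protect(key, 0, altered)
    return {
        "in_session_tamper_detected": detected,
        "third_party_accepts_genuine": verify(key, 0, sent, tag),
        "third_party_accepts_altered": verify(key, 0, altered, receiver_tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both records pass the third party's check, so a valid tag shows only that someone holding the session key produced it, not which endpoint did or what was actually sent.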
In short, presently available digital communication systems and methods lack authentication that a communication is originating from the perceived sender and lack the ability to provide to a third party evidence of verification of the integrity of information or data being exchanged (e.g., verification that information is not modified by some attack). These shortcomings have hampered the development of secure communication in certain settings, such as in circumstances where legal liability may be imposed based on the electronic communication. Some communications simply cannot occur by presently available digital communication systems.
For example, businesses often cannot perform business-related actions based on an email or SMS from one of their clients or partners, as there is a high risk of an external attack. Attacks range from broad unfocused phishing attacks targeting several businesses all at once, to spear-phishing attacks, which generally include the impersonation of somebody in their business network requesting some business-critical information, action, or financial transaction. For this problem to be solved, a receiver of an email, SMS text, or any other type of transactional-type communication must employ other channels of communication to be sufficiently sure that they are dealing with the intended person, as well as that the message received is unmodified.
Presently, this validation of identity and accuracy of communication is achieved through a secondary channel of communication such as a phone call, whereby the receiver asks for audio validation of both identity (the sender's voice) and intention/request. In other words, parties are communicating through two distinct channels—a primary communication through a first communication channel (e.g., email) and a confirmatory communication through a second communication channel (e.g., a phone call)—which is cumbersome and inefficient for both parties to the exchange. Moreover, a challenge with audio or visual communication for confirmation of a primary communication is that it can be very difficult to keep track of the confirmatory communication providing the validation, and such validations can lack sufficient credibility, such as during legal enforcement. Accordingly, employing audio verification is both burdensome for many businesses and not scalable.
The foregoing shortcomings provide context as to why electronic information exchanges in certain situations (e.g., to facilitate or otherwise exchange data for entering into legally binding contractual arrangements, such as executing digital contracts) generally proceed through a trusted third party such as a digital signature service provider. The risk is effectively assumed by the online service provider. If the online service provider's data is hacked or corrupted, it is difficult if not impossible for the contracting parties to retrieve their contracts, and furthermore, often impossible to verify the integrity of the contract itself.